[PATCH] securityfs: Add missing d_delete() call on removal
keescook at chromium.org
Wed May 6 15:34:29 UTC 2020
On Wed, May 06, 2020 at 05:02:52AM +0100, Al Viro wrote:
> On Tue, May 05, 2020 at 08:28:33PM -0700, Kees Cook wrote:
> > On Wed, May 06, 2020 at 02:14:31AM +0100, Al Viro wrote:
> > > On Tue, May 05, 2020 at 04:40:35PM -0700, Kees Cook wrote:
> > > > After using simple_unlink(), a call to d_delete() is needed in addition
> > > > to dput().
> > > >
> > > > Signed-off-by: Kees Cook <keescook at chromium.org>
> > > > ---
> > > > Is this correct? I went looking around and there are a lot of variations
> > > > on the simple_unlink() pattern...
> > > >
> > > > Many using explicit locking and combinations of d_drop(), __d_drop(), etc.
> > >
> > > Quite a few of those should switch to simple_recursive_removal(). As for
> > > securityfs... d_drop() is _probably_ a saner variant, but looking at the
> > > callers of that thing... at least IMA ones seem to be garbage.
> > Hmm, I dunno. I hadn't looked at these yet. I'm not sure what's needed
> > for those cases.
> > Is my patch to add d_delete() correct, though? I'm trying to construct
> > the right set of calls for pstore's filesystem, and I noticed that most
> > will do simple_unlink(), d_delete(), dput(), but securityfs seemed to be
> > missing it.
> d_drop(). d_delete() is for the situations when you want the sucker
> to become a hashed negative, if at all possible.
I'm not sure what that means. :) Should stuff like apparmorfs be changed
> Re pstore: context, please.
Just posted the whole series:
But the specific question was driven by this patch:
More information about the Linux-security-module-archive